docs/changelogs/v25.8.17.37-lts.md
analyzer_compatibility_join_using_top_level_identifier with multiple joins. #90010 (Vladimir Cherkasov).SELECT queries with the enabled query condition cache. Fixes #90176. Fixes #90054. #90204 (Anton Popov).ALTER UPDATE queries when a remote table function is used with localhost as a target host. #90761 (pufit).ATTACH queries for a view with SQL Security. This prevents potential privilege escalation when a user attaches a view with a definer without validating required access. #94865 (pufit).USING clause. Previously, subsequent joins incorrectly updated types of underlying source columns to a common supertype even when the column was not involved in that join (e.g., in SELECT t2.a FROM t1 LEFT JOIN t2 USING (a) LEFT JOIN t3 USING (a), the t2.a column is only used by the first join, so its type should be the supertype of t1.a and t2.a, excluding t3.a). This could lead to logical errors or crashes when functions expected different column types than what actually appeared in the execution plan. #95157 (Vladimir Cherkasov).mergeTreeProjection table function was missing an access check, allowing users without SELECT permission on a table (but with permissions for table functions) to read data from its projections. This fix adds the same access check that mergeTreeIndex and mergeTreeAnalyzeIndexes already have. #95480 (Alexey Milovidov).JSON(SKIP path) all JSON keys with prefix path were skipped, even keys like "pathpath", so it could lead to data loss for these paths during insert. Now it's fixed and only key "path" is skipped. #95948 (Pavel Kruglov).global_profiler_real_time_period_ns and global_profiler_cpu_time_period_ns). Instead of set value, a truncated value was used, causing profiler to wakeup more than intended. #96048 (Antonio Andelic).AccessRights::contains returning incorrect results with partial revokes. #96170 (pufit).max_execution_time values. #96450 (Sergei Trifonov).min(timestamp) returning epoch (1970-01-01) via _minmax_count_projection after TTL merge when all rows in a block are filtered out. #96703 (Raquel Barbadillo).std::terminate exception in indexOfAssumeSorted when called with incompatible types (e.g., IPv4 array with integer search value). #96877 (Alexey Milovidov).BaseSettings::readBinary passes the index from accessor.find to field_infos[] without checking for the not-found sentinel value (i.e., -1), which may cause a std::vector out-of-bounds access. The issue was caught thanks to libcxx hardening. This probably happened during query plan deserialization when a newer server sends a setting unknown to an older server. The string-based read method already handles this correctly; readBinary was missing the same check. #97585 (Miсhael Stetsyuk).grace_hash algorithm is used with non-equi joins and left block cannot be processed completely because of the size constraints on the join result. #97866 (János Benjamin Antal).arrayJoin in filter expression. #98147 (Alexey Milovidov).MergeTreeSetIndex" triggered by toDate conversion on key columns with data crossing the 65535 boundary. #98276 (Alexey Milovidov).WriteBufferFromHTTPServerResponse::onProgress() for async restore started via HTTP protocol. #92103 (Vitaly Baranov).applyUncommittedState for deltas without paths. #95846 (Alexey Milovidov).